<?php

/**
* 用户中心
*
* @package		Hooloo framework
* @author 		Bill
* @copyright 	Hooloo Co.,Ltd
* @version		1.0
* @release		2017.05.08
*/
defined('BASEPATH') OR exit('No direct script access allowed');

class User extends Controller{
	public function __construct(){
		parent::__construct();
	}
	
	/**
     * 基本资料
     */
	public function index() {
		$this->display();
	}
	
	/**
     * 用户登录
     * @param	string	$username	用户名
     * @param	string	$password 	密码
     * @param	string	$verify 	验证码
     * @param	array	$result 	返回结果
     */
	public function login() {
		
		//执行登录
		if (IS_POST) {
			//早上8点以前，下午5点以后，周六、周日闭市。
			$h = date("H");
			$w = date("w");
			if (($h < 8 || $h > 17 || $w == 6 || $w == 0)) {
				//系统关闭
				ajax_return(0, '交易系统闭市，暂不开放！');  
				$this->display("/public/close");
			}
			
			//接收参数
			$username = isset($_POST["username"]) ? substr(sql_format($_POST["username"]), 0, 20) : "";
			$password = isset($_POST["password"]) ? $_POST["password"] : "";
			$code = isset($_POST["code"]) ? substr($_POST["code"], 0, 4) : "";

			//校验参数
			if (! $username) {
				ajax_return(0, "用户名不能为空");
			}
			if (! $password) {
				ajax_return(0, "密码不能为空");
			}
			if (! $code) {
				ajax_return(0, "验证码不能为空");
			}
			
			//校验验证码
			$verify = new Verify();  
			if (! $verify->check($code, "")) {
				ajax_return(0, '验证码不正确');  
			}
			
			//查找用户
			$sql = "select id, username, sex, nickname, realname, mobile, is_locked, is_stop, is_disable, try_times, last_try, password, atmpwd, demo_account, aid from user where username = '$username'";
			$user = $this->db->query($sql)->row_array();
			if (! $user) {
				ajax_return(0, "您输入的帐号不存在");
			}
			
			//判断登录次数
			if ($user["try_times"] > 10 && time() - $user["last_try"] < 600) {
				ajax_return(0, "您登录次数太多，请10分钟后重试！");
			}
			
			//判断密码
			if (DEVELOPMENT_ENVIRONMENT == false && $user["password"] != md5($password)) {
				//更新输错次数
				$sql = "update user set try_times = try_times + 1, last_try = '" . time() . "', ip = '" . get_client_ip() . "' where username = '$username'";
				$this->db->query($sql);
				ajax_return(0, "您输入密码不正确，请重新输入");
			} else {
				//用户是否锁定
				if ($user["is_locked"] == 1) {
					ajax_return(0, "帐号已锁定，禁止访问本网站");
				}
				//用户是否锁定
				if ($user["is_disable"] == 1) {
					ajax_return(0, "帐号已禁用，禁止访问本网站");
				}
				//更新最后登录时间,输错次数为0
				$time = time();
				if (empty($_SESSION['openid']) == false) {
					$field = "openid = '" . $_SESSION['openid'] . "', ";
				} else {
					$field = "";
				}
				$sql = "update user set " . $field . " try_times = 0, last_try = '$time', last_login = '$time', is_online = 1, ip = '" . get_client_ip() . "' where id = '" . $user["id"] . "'";
				$this->db->query($sql);
				$user["last_login"] = $time;
				
				//登录信息入session()
				$_SESSION["user"] = $user;
			}
			
			//返回登录信息
			ajax_return(1, "登录成功");
		} else {
			$this->display();
		}
	}
	
	/**
     * 验证码
     */
	public function verify(){
        $Verify = new Verify();  
		$Verify->fontSize = 14;//文字大小
		$Verify->length   = 4; //验证码字数
		$Verify->useNoise = false;
		$Verify->imageW = 100;//图片宽度
		$Verify->imageH = 28;//图片高度
		$Verify->expire = 600;//时效
		$Verify->entry();  
    }
	
	/**
     * 修改密码
	 * @param	string	$oldpassword	旧密码
     * @param	string	$password 		新密码
     * @param	string	$repassword 	确认密码
     */
	public function password() {
		if (IS_POST) {
			//接收参数
			$oldpassword = $_POST["oldpassword"];
			$password = $_POST["password"];
			$repassword = $_POST["repassword"];
			$type = (int)$_POST["type"];
			$uid = $_SESSION["user"]["id"];
			
			//校验参数
			if (! $oldpassword) {
				ajax_return(0, "旧密码不能为空");
			}
			if (! $password) {
				ajax_return(0, "新密码不能为空");
			}
			if ($password != $repassword) {
				ajax_return(0, "两次密码不一致");
			}
			
			//密码类型
			if ($type == 0) {
				//登录密码
				if ($_SESSION["user"]["password"] != md5($oldpassword)) {
					ajax_return(0, "旧密码不正确");
				} else {
					$password = md5($password);
					$sql = "update user set password = '$password' where id = $uid";
				}
			} else {
				//提款密码
				if ($_SESSION["user"]["atmpwd"] != md5($oldpassword)) {
					ajax_return(0, "旧密码不正确");
				} else {
					$password = md5($password);
					$sql = "update user set atmpwd = '$password' where id = $uid";
				}
			}
			
			//更新密码
			$this->db->query($sql);
			ajax_return(1, "密码修改成功");
		}
		$this->display();
	}
	
	/**
     * 系统公告
     */
	public function common() {
		$sql = "select id, author, title, content, add_time from news where status = 1 and type = 1 order by add_time desc";
		$list = $this->db->query($sql)->result_array();
		
		$this->assign("list", $list);
		$this->display();
	}
	
	/**
     * 短消息
     */
	public function message($start_time = 0, $end_time = 0, $p = 1) {
		//接收参数
		$p = intval($p);
		$uid = $_SESSION["user"]["id"];
		$where = " where receiver = $uid";
		
		//搜索时间
		if (! $start_time) $start_time = date("Y-m-d"); 
		if (! $end_time) $end_time = date("Y-m-d");
		if ($start_time > $end_time) $this->error("开始时间不能大于结束时间！");
		$where .= " and addtime >= '" . $start_time . "' and addtime <= '" . ($end_time . " 23:59:59") . "'";
		
		//数据分页
		$pize = 15;//每页数量
		if(0 >= $p) $p = 1;
		$start = ($p - 1) * $pize;//分页开始
		
		//查询总数
		$sql = "select count(*) c from message " . $where;
		$total = $this->db->query($sql)->row_array();
		$total = $total["c"];
		
		//分页查询
		$sql = "select * from message " . $where . " order by id desc limit $start, $pize";
		$list = $this->db->query($sql)->result_array();
		
		//分页展示
		$url = "/" . $this->_controller . "/" . $this->_action . "/" . $start_time . "/". $end_time . "/";
		$page = page_format($total, $pize, $p, $url);
		
		$this->assign("list", $list);
		$this->assign("total", $total);
		$this->assign("page", $page);
		$this->assign("start_time", $start_time);
		$this->assign("end_time", $end_time);
		$this->display();
	}
	
	/**
     * 读取短消息
     */
	public function read_message() {
		if (IS_POST) {
			$id = isset($_POST["id"]) ? (int)$_POST["id"] : 0;
			if ($id > 0) {
				$uid = $_SESSION["user"]["id"];
				$sql = "update message set isread = 1 where id = $id and isread = 0 and receiver = $uid";
				$this->db->query($sql);
			}
			
			ajax_return(1, "success");
		}
	}
	
	/**
     * 交易规则
     */
	public function rules() {
		$sql = "select id, author, title, content, add_time from news where status = 1 and type = 3";
		$result = $this->db->query($sql)->row_array();
		$result['content'] = str_replace(PHP_EOL, "<br />", $result['content']);
		$this->assign("result", $result);
		$this->display();
	}
	
	/**
     * 我的资产
     */
	public function asset() {
		$uid = $_SESSION["user"]["id"];
		$result = get_user($uid, 1);
		
		IS_AJAX && ajax_return(1, "查询成功", $result);
		$this->assign("result", $result);
		$this->display();
	}
	
	/**
     * 退出登录
     */
	public function logout() {
		//删除session
		if (isset($_SESSION["user"])) {
			if (empty($_SESSION['openid']) == false) {
				$field = "openid = '', ";
			} else {
				$field = "";
			}
			//更新在线状态
			$sql = "update user set ".$field." is_online = 0 where id = '" . $_SESSION["user"]["id"] . "'";
			$this->db->query($sql);
			
			unset($_SESSION["user"]);
		}
		
		//返回结果集
		IS_AJAX && ajax_return(1, "退出成功");
		redirect("/user/login");
	}
}
